Computational Verifiable Secret Sharing Revisited

  • Michael Backes
  • Aniket Kate
  • Arpita Patra
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7073)


Verifiable secret sharing (VSS) is an important primitive in distributed cryptography that allows a dealer to share a secret among n parties in the presence of an adversary controlling at most t of them. In the computational setting, the feasibility of VSS schemes based on commitments was established over two decades ago. Interestingly, all known computational VSS schemes rely on the homomorphic nature of these commitments or achieve weaker guarantees. As homomorphism is not inherent to commitments or to the computational setting in general, a closer look at its utility to VSS is called for. In this work, we demonstrate that homomorphism of commitments is not a necessity for computational VSS in the synchronous or in the asynchronous communication model. We present new VSS schemes based only on the definitional properties of commitments that are almost as good as the existing VSS schemes based on homomorphic commitments. Importantly, they have significantly lower communication complexities than their (statistical or perfect) unconditional counterparts.

Further, in the synchronous communication model, we observe that a crucial interactive complexity measure of round complexity has never been formally studied for computational VSS. Interestingly, for the optimal resiliency conditions, the least possible round complexity in the known computational VSS schemes is identical to that in the (statistical or perfect) unconditional setting: three rounds. Considering the strength of the computational setting, this equivalence is certainly surprising. In this work, we show that three rounds are actually not mandatory for computational VSS. We present the first two-round VSS scheme for n ≥ 2t + 1 and lower-bound the result tightly by proving the impossibility of one-round computational VSS for t ≥ 2 or n ≤ 3t. We also include a new two-round VSS scheme using homomorphic commitments that has the same communication complexity as the well-known three-round Feldman and Pedersen VSS schemes.


Verifiable Secret Sharing Round Complexity Commitments Homomorphism 


  1. 1.
    Backes, M., Kate, A., Patra, A.: Computational Verifiable Secret Sharing Revisited. Cryptology ePrint Archive, Report 2011/281 (2011)Google Scholar
  2. 2.
    Blakley, G.R.: Safeguarding Cryptographic Keys. In: The National Computer Conference, pp. 313–317 (1979)Google Scholar
  3. 3.
    Cachin, C., Kursawe, K., Lysyanskaya, A., Strobl, R.: Asynchronous Verifiable Secret Sharing and Proactive Cryptosystems. In: ACM CCS 2002, pp. 88–97 (2002)Google Scholar
  4. 4.
    Canetti, R.: Studies in Secure Multiparty Computation and Applications. Ph.D. thesis, The Weizmann Institute of Science (1996)Google Scholar
  5. 5.
    Canetti, R., Rabin, T.: Fast Asynchronous Byzantine Agreement with Optimal Resilience. In: ACM STOC 1993, pp. 42–51 (1993)Google Scholar
  6. 6.
    Chor, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable Secret Sharing and Achieving Simultaneity in the Presence of Faults. In: IEEE FOCS 1985, pp. 383–395 (1985)Google Scholar
  7. 7.
    D’Arco, P., Stinson, D.R.: On Unconditionally Secure Robust Distributed Key Distribution Centers. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 346–363. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Dolev, D., Dwork, C., Waarts, O., Yung, M.: Perfectly secure message transmission. J. ACM 40(1), 17–47 (1993)Google Scholar
  9. 9.
    Feldman, P.: A Practical Scheme for Non-interactive Verifiable Secret Sharing. In: IEEE FOCS 1987, pp. 427–437 (1987)Google Scholar
  10. 10.
    Fitzi, M., Garay, J.A., Gollakota, S., Rangan, C.P., Srinathan, K.: Round-Optimal and Efficient Verifiable Secret Sharing. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 329–342. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Gennaro, R., Ishai, Y., Kushilevitz, E., Rabin, T.: The round complexity of verifiable secret sharing and secure multicast. In: ACM STOC 2001, pp. 580–589 (2001)Google Scholar
  12. 12.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. J. of Cryptology 20(1), 51–83 (2007)Google Scholar
  13. 13.
    Gennaro, R., Rabin, M.O., Rabin, T.: Simplified VSS and Fact-Track Multiparty Computations with Applications to Threshold Cryptography. In: ACM PODC 1998, pp. 101–111 (1998)Google Scholar
  14. 14.
    Goldreich, O., Kahan, A.: How to Construct Constant-Round Zero-Knowledge Proof Systems for NP. J. Cryptology 9(3), 167–190 (1996)Google Scholar
  15. 15.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity for all languages in np have zero-knowledge proof systems. J. ACM 38(3), 691–729 (1991)Google Scholar
  16. 16.
    Haitner, I., Reingold, O.: Statistically-hiding commitment from any one-way function. In: ACM STOC 2007, pp. 1–10 (2007)Google Scholar
  17. 17.
    Halevi, S., Micali, S.: Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 201–215. Springer, Heidelberg (1996)Google Scholar
  18. 18.
    Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive Secret Sharing or: How to Cope with Perpetual Leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995)Google Scholar
  19. 19.
    Kate, A., Goldberg, I.: Distributed Key Generation for the Internet. In: Proc. Intl. Conf. on Distributed Computing Systems (ICDCS), pp. 119–128 (2009)Google Scholar
  20. 20.
    Katz, J., Koo, C.-Y., Kumaresan, R.: Improving the Round Complexity of VSS in Point-to-Point Networks. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 499–510. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. 21.
    Kumaresan, R., Patra, A., Rangan, C.P.: The Round Complexity of Verifiable Secret Sharing: The Statistical Case. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 431–447. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  22. 22.
    Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect Zero-Knowledge Arguments for P Using Any One-Way Permutation. J. Cryptology 11(2), 87–108 (1998)Google Scholar
  23. 23.
    Patra, A., Choudhary, A., Rabin, T., Rangan, C.P.: The Round Complexity of Verifiable Secret Sharing Revisited. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 487–504. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  24. 24.
    Patra, A., Choudhary, A., Rangan, C.P.: Efficient Asynchronous Byzantine Agreement with Optimal Resilience. In: ACM PODC 2009, pp. 92–101 (2009)Google Scholar
  25. 25.
    Patra, A., Choudhary, A., Rangan, C.P.: Efficient Statistical Asynchronous Verifiable Secret Sharing with Optimal Resilience. In: Kurosawa, K. (ed.) Information Theoretic Security. LNCS, vol. 5973, pp. 74–92. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  26. 26.
    Pedersen, T.P.: A Threshold Cryptosystem Without a Trusted Party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991)Google Scholar
  27. 27.
    Pedersen, T.P.: Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  28. 28.
    Rabin, T., Ben-Or, M.: Verifiable Secret Sharing and Multiparty Protocols with Honest Majority (Extended Abstract). In: ACM STOC 1989, pp. 73–85 (1989)Google Scholar
  29. 29.
    Schultz, D.A., Liskov, B., Liskov, M.: MPSS: Mobile Proactive Secret Sharing. ACM Trans. Inf. Syst. Secur. 13(4), 34 (2010)Google Scholar
  30. 30.
    Shamir, A.: How to Share a Secret. Commun. ACM 22(11), 612–613 (1979)Google Scholar
  31. 31.
    Zhou, L., Schneider, F.B., van Renesse, R.: APSS: Proactive Secret Sharing in Asynchronous Systems. ACM Trans. Inf. Syst. Secur. 8(3), 259–286 (2005)Google Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Michael Backes
    • 1
    • 2
  • Aniket Kate
    • 1
  • Arpita Patra
    • 3
  1. 1.Max Planck Institute for Software Systems (MPI-SWS)Germany
  2. 2.Saarland UniversityGermany
  3. 3.Aarhus UniversityDenmark

Personalised recommendations